Data Processing Agreement

This Data Processing Agreement ("DPA") forms part of our Terms of Service and reflects our commitment to protecting personal data in accordance with the General Data Protection Regulation (GDPR) and other applicable data protection laws.

• Controller: The entity that determines the purposes and means of processing personal data
• Processor: The entity that processes personal data on behalf of the Controller
• Sub-processor: Any processor engaged by Chanmax
• Personal Data: Any information relating to an identified or identifiable natural person

This DPA applies to the processing of personal data by Chanmax as a Processor on behalf of our clients (Controllers) in connection with our services.

• Nature of processing: Digital service provision and support
• Duration: As specified in the service agreement
• Categories of data subjects: Client's customers, employees, and users
• Types of personal data: Contact information, usage data, and service-related data

As a Processor, Chanmax commits to:

• Process personal data only on documented instructions from the Controller
• Ensure confidentiality of processing
• Implement appropriate technical and organizational security measures
• Assist the Controller in responding to data subject requests
• Support the Controller in ensuring GDPR compliance
• Delete or return personal data at the end of service provision

The Controller provides general authorization for Chanmax to engage sub-processors under the following conditions:

• Written agreement imposing data protection obligations
• Prior notification of any intended changes
• Right to object to such changes
• Maintaining an up-to-date list of sub-processors

We implement appropriate technical and organizational measures including:

• Encryption of personal data in transit and at rest
• Regular testing of security measures
• Access control and authentication mechanisms
• Regular staff training on data protection
• Incident response procedures

In the event of a personal data breach, Chanmax will:

• Notify the Controller without undue delay
• Provide detailed information about the breach
• Document all breaches and remedial actions
• Assist in notifying supervisory authorities if required

Any transfer of personal data outside the EEA will be subject to appropriate safeguards:

• Standard Contractual Clauses (SCCs)
• Binding Corporate Rules where applicable
• Adequacy decisions by the European Commission

For any questions about this DPA or to exercise your rights, contact us at:

• Data Protection Officer: dpo@chanmax.com
• Legal Department: legal@chanmax.com
• Address: [Your Business Address]